Cybersecurity | Small-Cap Spotlight

Editorial feature • Approx. 6 min read

The Man Who Built the Internet Is Now Helping to Secure It — and the Company He Co-Founded Just Hit $80 Million in Backlog

Cycurion’s co-founder helped create the .com, .net, and .gov domain infrastructure. Now the company he co-founded is quietly applying that same government-proven expertise to one of the most urgent problems in tech — and the market still has not caught up.

Every day, somewhere in the world, a hospital loses access to patient records. A city’s water treatment controls go dark. A mid-sized manufacturer discovers that a competitor in another country has been reading its product roadmaps for two years. A school district pays a ransom in Bitcoin to get its files back.

This is not the future. This is a Tuesday.

What investors are watching

$80M+ contracted backlog
Government and enterprise client exposure
Cybersecurity, AI, and regulatory tailwinds
Small-cap valuation relative to peer group

Global cybercrime damages have grown from $3 trillion in 2015 to an estimated $10.5 trillion in 2025. Source: Cybersecurity Ventures / Statista estimates.

Cybercrime is now one of the largest economic threats on earth, with global damages projected to reach $10.5 trillion annually by 2025 — a figure that exceeds the GDP of Japan and Germany combined. And yet, despite the scale of the problem, most organizations are still protecting their digital assets the same way they were a decade ago: with legacy tools, patchwork solutions, and the hope that they will not be next.

The cybersecurity industry has grown enormously in trying to solve this problem. There are thousands of vendors, hundreds of platforms, and billions of dollars of investment chasing the space. And yet breaches keep happening. Networks keep going dark. Data keeps leaking.

Why? Because most of the security industry is playing defense against yesterday’s attacks. The threats have evolved. The defenders, largely, have not.

“Most organizations are protecting themselves the way they were a decade ago — and the people attacking them know it.”

The companies built to solve this problem — the enterprise giants and the legacy managed security providers — have become slow, expensive, and difficult to access. They serve the Fortune 50 reasonably well. Everyone else is largely on their own.

That gap — between the sophistication of modern threats and the accessibility of genuinely capable security — is exactly where one company has been building its business. And the man at the center of it has credentials in the technology sector that are essentially impossible to replicate.

The Two Failures Nobody Has Fixed

To understand the opportunity, you need to understand two distinct problems in the current cybersecurity market.

The first is a capability gap. Government agencies — particularly U.S. federal agencies — operate under a completely different security paradigm than the private sector. They have access to threat intelligence, tools, and methodologies forged through decades of adversarial conflict with nation-state actors. The private sector, for the most part, does not. When a hospital, a regional bank, or a local government gets hit by a sophisticated attack, it is often facing tactics that government security teams have been tracking — and countering — for years. That knowledge simply has not transferred.

The second is a delivery problem. Even the best security knowledge in the world is useless if it cannot be deployed at scale, affordably, and without requiring a team of specialists to operate. Legacy enterprise vendors have addressed the capability problem for their largest clients — but at a price point and complexity level that is simply inaccessible to the thousands of mid-market companies, regional healthcare systems, school districts, and local governments that need it most.

These two failures create a very large, very vulnerable market — and an opportunity for a company that can bridge the gap: one that can take government-grade capability and deliver it in a way the rest of the market can actually use.

Why This Moment Is Different

The cybersecurity problem is not new. But three forces have converged in recent years that make the current moment significantly more urgent than any period before it.

First, AI has fundamentally altered the threat landscape.

Attackers now have access to tools that can automate vulnerability discovery, generate convincing phishing content at scale, and adapt in real time to defensive measures. Security teams that were already stretched thin are now facing an exponentially harder problem with the same resources.

Second, the regulatory environment has tightened considerably.

Healthcare organizations face stricter HIPAA enforcement. Financial institutions face expanding cyber disclosure requirements from the SEC. Government contractors face increasingly stringent CMMC compliance standards. Being insecure is no longer just a business risk — for a growing list of organizations, it is a legal one.

Third, the SLED sector is sitting on an unprecedented amount of federal cybersecurity funding.

Infrastructure legislation passed in recent years has directed billions of dollars specifically toward upgrading the cyber posture of state and local governments and educational institutions. That money is working its way through procurement channels now, and the organizations best positioned to capture it are those with established government relationships, demonstrated compliance capabilities, and a proven delivery track record.

“AI-accelerated threats, tighter regulations, and billions in newly available federal funding have created a perfect convergence. The market is just beginning to react.”

These three forces — threat escalation, regulatory pressure, and newly available federal funding — have converged at exactly the moment the market is searching for a new class of security provider. Not the old enterprise giants. Not off-the-shelf point solutions. Something in between: a provider with genuine government-grade capability that can be deployed at the speed and scale the modern market demands.

The Co-Founder Who Helped Build the Internet — and the Company He Built to Secure It

In the late 1970s, a technology executive named Emmit McHenry founded a company called Network Solutions.[1] What his team accomplished there became foundational infrastructure for the modern internet — including the development of early internet protocols and the creation and management of the .com, .net, .edu, and .gov domain name system. Network Solutions became the world’s first domain name registrar.

Think about what that means. Every time someone types a web address, the underlying architecture that routes that request traces back, in part, to work that McHenry oversaw. The commercial internet still runs on the foundations his team helped build.

After Network Solutions, McHenry went on to found NetCom Solutions International, a network engineering and security firm that accrued $260 million in revenue and received service excellence awards from IBM, NASA, and Lucent Technologies.[1] Through those years, he watched the network he helped build become the world’s largest attack surface. He watched the threat landscape evolve. And he built a thesis: that the gap between government-grade security and what the broader market could actually access was not just a problem — it was a business.

In 2017, McHenry co-founded Cycurion alongside co-founder Alvin McCoy.[2] McHenry currently serves as Director on the Board, while Kevin Kelly serves as Chairman and Chief Executive Officer.

McLean, Virginia — the company’s home — is not an accident. It sits at the heart of the U.S. intelligence and defense contracting ecosystem. The proximity, the relationships, and the credibility that come with operating in that environment are not things a competitor can replicate overnight. Cycurion’s client roster reflects this reality: it includes the U.S. Department of Defense, the Defense Intelligence Agency, the Department of Homeland Security, the U.S. Navy, Verizon, AT&T, and Bank of America.[3]

The company’s model is straightforward in concept, sophisticated in execution: take the security methodologies, tools, and talent that have been protecting the most sensitive networks in the world, and make them accessible to the broader market — enterprises, healthcare systems, financial institutions, educational organizations, and government agencies at every level.

Cycurion offers three core service lines: Managed IT Services, Managed Security Services, and Cybersecurity Consulting. Central to all three is the proprietary ARx Platform — an AI-driven security layer that wraps around a digital asset without requiring hardware or cloud installation, inspects every request in real time, and blocks threats before they reach the asset, while keeping client intellectual property completely private.[4]

The Numbers That Tell the Story

Cycurion completed its NASDAQ listing in 2023. For investors who follow small-cap technology, the financial picture that has emerged since deserves a careful look.

$80M+

Contracted backlog as of end-2025 [5]

~4x

Backlog as a multiple of FY2024 revenue [5]

$2.00

Book value per share, end-2025 [5]

#116

MSSP Alert 2025 Top 250 debut ranking [6]

Contracted backlog versus annual revenue chart

Contracted backlog of $80M+ represents approximately 4× FY2024 revenue of $15.67M. Source: Cycurion Q3 2025 Shareholder Letter.

The $80 million contracted backlog is the headline number in the Cycurion story right now.[5] Revenue from contracted work is not speculative — it is committed. For a company with fiscal 2024 revenue of approximately $15.67 million, a backlog that represents roughly four times annual revenue signals significant forward momentum.

It is also worth understanding the context behind recent revenue figures. Cycurion’s quarterly revenue has declined year over year — Q3 2025 revenue was $3.83 million, down 13.9% from the prior-year period. Management attributes this to a deliberate strategic pivot: moving away from lower-margin legacy contracts toward higher-value SLED and enterprise engagements.[5] Recent SEC filings also note going-concern risk disclosures, which are standard for companies in active growth investment phases and should be weighed by investors accordingly.

The MSSP Alert recognition provides independent external validation.[6] Debuting at No. 116 on MSSP Alert’s 2025 Top 250 list — in its first year of evaluation — places Cycurion among managed security providers that have been operating for decades. This is an industry benchmark that cannot be bought with a press release.

In January 2026, Litchfield Hills Research issued a coverage initiation report on Cycurion with a Buy rating and a $7.00 price target.[7] The firm highlighted the backlog-to-revenue ratio and what it characterized as a significant valuation disconnect relative to peers: at the time of the report, Cycurion shares traded at a price-to-book ratio of approximately 0.53, compared to a peer group average of 9.0x revenue. Even at the $7.00 target, the analyst noted CYCU would trade at an estimated 2.9x 2026 revenue versus the peer median of 9.0x. Investors should note that Cycurion engaged and compensated Litchfield Hills Research for this coverage — a disclosure made in the company’s press release on the matter.

CYCU valuation versus cybersecurity peer median chart

CYCU valuation at current price vs. analyst target vs. cybersecurity peer median. Source: Litchfield Hills Research (commissioned by Cycurion), Jan. 2026.

“Trading at 0.53x book value while peers average 9.0x revenue. Even at the analyst’s $7 price target, the stock would still be at a significant discount to its peer group.”

What to Watch: The Catalysts Ahead

For investors evaluating Cycurion, there are several specific developments worth monitoring.

The Kustom Entertainment MOU. In January 2026, Cycurion announced a non-binding memorandum of understanding to acquire the video solutions division of Kustom Entertainment, Inc. (NASDAQ: KUST).[8] The contemplated transaction is valued at $6.0–$8.4 million — paid primarily in Cycurion preferred stock rather than cash.
Cost restructuring. In February 2026, Cycurion announced a strategic business reorganization designed to reduce operating costs by over $2.2 million annually, alongside the appointment of Rick Finfera as Chief Revenue Officer.[9]
SLED pipeline conversion. Federal cybersecurity funding allocated to state, local, and education organizations is actively moving through procurement. Cycurion’s government relationships, compliance certifications, and subsidiary SLG Innovation position it to compete for a meaningful share of this spend.
Backlog-to-revenue conversion. The $80 million backlog is the headline number, but what matters to investors is how quickly and reliably it converts to recognized revenue. Upcoming quarterly reports will be the primary signal here.

The Bigger Picture

There is a version of this story that is simple: a small-cap cybersecurity company with a substantial backlog is trading at a steep discount to its peers. The math, if the business executes, could be meaningful.

But the more interesting version is about what Cycurion actually represents. The cybersecurity industry has a structural problem: the organizations that most need sophisticated security are also the ones least equipped to afford or deploy it. The industry has concentrated its innovation and talent at the high end of the market, and the middle has been left largely to manage with what it can afford.

Cycurion is a bet that this gap closes — not because the market suddenly decides to care about it, but because AI-driven threats, tightening regulations, and the availability of federal cybersecurity funding are forcing it to. The organizations that have been underprotected are being told, in increasingly direct terms, that they can no longer afford to stay that way.

When they go looking for a provider that can deliver government-grade security at an accessible price point — one built by the people who literally constructed the internet’s infrastructure, operating out of McLean with a decade of government relationships and a proprietary AI-driven platform — Cycurion is a credible answer.

Whether and when the market fully agrees is, as always, what makes it interesting.

View CYCU stock quote, price history, and investor information.

Cycurion, Inc. trades on the NASDAQ under the ticker symbol CYCU.

Explore the CYCU stock page

Sources

Cycurion — Emmit McHenry biography
Cycurion — Leadership page Yahoo Finance company profile (founded 2017)
Cycurion — Client references and industries
Cycurion — ARx Platform description
Cycurion Q3 2025 Shareholder Letter Dec. 30, 2025 (GlobeNewswire)
Cycurion MSSP Alert Top 250 announcement Dec. 16, 2025 (GlobeNewswire)
Litchfield Hills Research initiation on Cycurion Feb. 3, 2026 — commissioned and compensated by Cycurion
Cycurion MOU — Kustom Entertainment Jan. 22, 2026 (GlobeNewswire)
Cycurion restructuring and CRO appointment Feb. 11, 2026 (GlobeNewswire)

*DISCLAIMER: This entity is owned by Sherwood Ventures LLC (SV). To more fully understand any SV subscription, website, application or other service, please review our full disclaimer located at https://bullseyealerts.com/disclaimer/

Just so you know, what you're reading is curated content for which we have received a monetary fee (detailed below) to create and distribute. Let's be clear that investing can be quite the roller coaster as stock prices can have wild swings up and down, so consider those crucial risks before you ever consider trading anything we discuss. Make sure you check out our full disclosure down below for the details on how we were paid, the risks, and why these results aren't what you'd call “typical.”

Just a quick heads up about this ad you're reading—as we’ve said, even though we like the company referenced above, and all the facts we discussed above are true to the best of our knowledge, we are running a business here. To distribute this information and help offset the costs of maintaining our large digital audience, in advance of writing the content above, we received fifteen thousand dollars (cash) from CorporateAds for advertising Cycurion, Inc for a multi day marketing program starting on November 6, 2025, and we also received twenty five thousand dollars (cash) from CorporateAds for advertising Cycurion, Inc for a one day marketing program starting on August 7, 2025. Prior to this, we received fifteen thousand dollars (cash) from CorporateAds for advertising Cycurion, Inc for a one day marketing program starting on July 17, 2025. Additionally, we received fifteen thousand dollars (cash) from CorporateAds for advertising Cycurion, Inc for a one day marketing program starting on July 10, 2025. To date, we have received a total of seventy thousand dollars for advertising Cycurion, Inc

We also manage an ongoing marketing campaign for Cycurion, Inc from which we receive direct compensation.

It might seem obvious, but while our client claims not to own any shares in Cycurion, Inc, whoever ultimately paid them most likely owns shares. You should assume they are looking to sell some or all of them at any time after we send out this information, which might negatively affect the stock price. We may also buy or sell shares in the company at some point in the future, although neither Sherwood Ventures nor its owners own any shares of the company at this time. Also, keep in mind that due to the sheer size of our audience, if even a small percentage of people decide they want to buy this stock, it could potentially boost interest enough to hike up those share prices and cause a temporary spike, and the opposite is possible as the marketing campaign ends, though that is not always the case.

Now, diving right into Cycurion, Inc might sound exciting. But remember, it’s like venturing into the wilderness—be aware that there's exceptional risk involved in trading. This isn't small potatoes we're talking about; you could lose every dime you put in, so always carefully think about what you’re doing. That’s why they call this trading, after all. We're shining a light on the good stuff about the company here, but it's up to you to do your homework, make your own calls, and determine a plan for your own trading, hopefully with the help of your professional investment advisor.

Oh, that brings us to another crucial point—we're not here to tell you (or even recommend) what you should do with your hard-earned money. We’re simply sharing our non-expert thoughts by highlighting some companies who are paying us and we like that could use some help telling their story to more people. We’re obviously biased in our writing. We’re not here to dig into anything that may be negative about the company; this is advertising, after all! Also, keep in mind that if we make some predictions about the future, these are technically known as “forward-L00king statements” under the securities acts, so take those with a grain of salt. As with all forecasts, they’re not set in stone, often wrong, and we certainly can’t know where the Company’s earnings, business, or share price will be tomorrow or a year from now.

Everything you read from us is all for your education, information, and possible entertainment. While we believe the info is reliable and accurate, we can't wear a cape and guarantee it. Before you jump into anything, make sure to talk it over with a pro—someone you trust who's licensed to give you real advice. To be clear, neither Sherwood Ventures nor its owners, employees, or independent contractors are registered as a securities broker-dealer, broker, investment advis0r (IA), or IA rep’s with the SEC, any state securities regulatory authority, or any self-regu1atory organization.

So, that's the scoop! If you're intrigued and want to learn more about the companies we talk about, hit up the SEC's website to dig into their filings and see the full picture.